Windows Defender Tips & Tricks | Bright Security Experts
The Bright SecOps team is sharing some tips & tricks for those who want to implement Windows Defender.
During the implementation of Microsoft Intune at Bright, we had to get intimately familiar with Windows Defender and its management instrumentation. Overall, we came out quite impressed with the capabilities of the Security stack.
This article, however, does not cover Intune.
When we looked at Windows Defender, the first thing that got our attention was that many settings were available via the cloud console but not via the endpoint GUI. While they can be managed via PowerShell cmdlets, it is a real pain to do so.
(References: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction and https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction)
The “attack surface reduction” rules make sense to anyone who has dealt with a malware-infested system. We went looking for a way for regular users to manage and experiment with them and came across this project – https://github.com/AndyFul/ConfigureDefender
You can grab the executable “ConfigureDefender” from the link above. Below, in the screenshots, is the recommended configuration we use in the office – you can apply it to your workstation.
That said, a HUGE disclaimer here – it might break your computer or network connectivity. Make sure you have a way out. A “system restore” point should suffice.
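The same rules driven through the PowerShell cmdlets mentioned above, as an added example that is not from the original article or the ConfigureDefender project: it lists the state of a subset of ASR rules, puts unconfigured ones into audit mode so they log without blocking, and reads the resulting events. The rule GUIDs, rule names and event IDs come from Microsoft's ASR rule reference, not from this page; the function name `Get-AsrRuleState` is hypothetical.

```powershell
# Added example: inspect and stage ASR rules with the built-in Defender cmdlets.
# Run from an elevated PowerShell session.

# Subset of rule GUIDs and names from Microsoft's ASR rule reference.
$AsrRuleNames = @{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from the Windows local security authority subsystem (lsass.exe)'
}
# Numeric action values as returned by Get-MpPreference.
$AsrActions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    $pref    = Get-MpPreference
    # With no rules configured the property is $null; filter so the loop is skipped.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $configured = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $configured[$ids[$i].ToUpper()] = [int]$actions[$i]
    }
    foreach ($id in $AsrRuleNames.Keys) {
        $state = 'Not configured'
        if ($configured.ContainsKey($id)) {
            $state = $AsrActions[$configured[$id]]
            if (-not $state) { $state = "Unknown ($($configured[$id]))" }
        }
        [pscustomobject]@{ State = $state; Rule = $AsrRuleNames[$id]; Id = $id }
    }
}

# 1. Show the current state of each rule.
Get-AsrRuleState | Sort-Object State, Rule | Format-Table -AutoSize

# 2. Put unconfigured rules into audit mode: they log but do not block.
Get-AsrRuleState | Where-Object State -eq 'Not configured' | ForEach-Object {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $_.Id -AttackSurfaceReductionRules_Actions AuditMode
}

# 3. Review what the rules would have blocked (1122 = audited, 1121 = blocked).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Once the audit events show no legitimate software being flagged, the same `Add-MpPreference` call with `Enabled` in place of `AuditMode` switches a rule to blocking.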